Yesterday, Intel unveiled a new attack on its processor called "ZombieLoad", in the footsteps of security snafu "Specter" and "Meltdown" last year. The CPU manufacturer has informed the public of the problems facing the public and many devices and OS manufacturers have already corrected their software. Among the products now secure, there is Google's ChromeOS, but not Android running on Intel silicon.

The attack itself is officially called MDS (Microarchitect Data Sampling) and consists of four separate security exploits that combine to provide targets to the attackers.

"Under certain conditions, MDS provides a program with the potential to read data that this program could not otherwise see," writes Intel. "The MDS techniques are based on sampling data leakage from small structures within the CPU using a speculative run-side channel executed locally." However, even if the problem is serious, it does not allow attackers to target specific programs or files: "MDS alone does not allow you to choose the data that leaked." Until now, the company is not aware of any real world exploit via MDS.

Fortunately, most Google users are not affected by these issues. Chrome OS had already been fixed on May 1 with version 74 (disabling Hyper-Threading, which you can reactivate), with additional mitigation measures planned for 75. However, the Chrome browser must rely on patches provided by the operating system. who he runs. Most Android users are not affected at all either, as the problem does not arise on ARM processors. Unfortunately, Google does not have a solution for the few devices that use Intel chips and writes: "For Intel-based systems that are not Chrome OS devices, users should contact their device manufacturer for updates. available day. "

Intel has tried to minimize the problems, especially since the latter have been affected by many of these so-called secondary channel attacks. He would not even pay the highest price for the researcher who discovered the exploit for the first time. Nevertheless, the company reacted quickly and managed to solve the problems with less performance results than the software fixes for the previous security snafus, which is a good thing.

Image credit: JiahuiH